>I would think every decent telnet server is capable of logging the >incoming requests. Anyway, comments inline. > >At 07:38 PM 7/17/2003 +0000, [EMAIL PROTECTED] wrote: >>I have a strange request: I need to find out who's telnetting to a remote >>host. I don't have sniffer on the remote site so I'm thinking using debug to >>get this information. >> >>I created an access-list 100 permit tcp any host 1.1.1.1 eq 23 log, >> then debug ip packet detail 100. > >You don't need the 'log' keyword if you use the access list for debugging. > >However, such debugging is fairly challenging if you are running CEF or >maybe even with fast-switching, as then the packets won't touch the code >where debugging is happening. If you are not afraid of killing the router, >then force it to do process switching and I am sure you will see the packets. > >A better solution would be however to apply the access list (with the log >keyword!)
.. and with a 'permit ip any any' at the end... :) > to the interface using the 'access-group' command. Then you will see > things like > > list 100 permitted tcp -> , 1 packet > >in the log. > >> I expect to see source IP addresses. But I don't see >>nothing. If I add access-list 100 permit ip any any as 2nd line, I start >>seeing all the output but it's so much that killed the router. > >:))) > >Thanks, > >Zsombor > > >>What's wrong with my access-list? >> >>Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72524&t=72505 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
